Vulnerability CVE-2011-0522
Published: 2011-02-07   Modified: 2012-02-13

Description:
The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv.

See advisories in our WLB2 database:
Topic
Author
Date
High
VLC Media Player Subtitle StripTags() Function Memory Corruption
Harry Sintonen
09.02.2011

Type:

CWE-119

 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Videolan -> Vlc media player 

 References:
http://www.openwall.com/lists/oss-security/2011/01/25/9
http://www.openwall.com/lists/oss-security/2011/01/25/7
http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078607.html
http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git;a=tag;h=bb16813ddb61a53113c71bccc525559405785452
http://xforce.iss.net/xforce/xfdb/65029
http://www.vupen.com/english/advisories/2011/0225
http://www.securityfocus.com/bid/46008
http://www.exploit-db.com/exploits/16108
http://securityreason.com/securityalert/8064
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12414
http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078614.html
Copyright 2024, cxsecurity.com

 

Back to Top